From c9fc80984a2be81cfa810551bc1d752a186c79da Mon Sep 17 00:00:00 2001
From: Florent Vilmart
Date: Sat, 23 Jul 2016 20:14:53 +0200
Subject: [PATCH] Makes sure we don't strip authData or session token from users using masterKey (#2348)
* Makes sure we don't strip auth data or session token from users queried with masterKey (#2342))
* nit: test title
---
spec/ParseUser.spec.js | 30 ++++++++++++++++++++++++++++++
src/RestQuery.js | 2 +-
2 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/spec/ParseUser.spec.js b/spec/ParseUser.spec.js
index 89b24b0e..8a4d9186 100644
--- a/spec/ParseUser.spec.js
+++ b/spec/ParseUser.spec.js
@@ -1029,6 +1029,36 @@ describe('Parse.User testing', () => { }); }); + it_exclude_dbs(['postgres'])("user authData should be available in cloudcode (#2342)", (done) => { + + Parse.Cloud.define('checkLogin', (req, res) => { + expect(req.user).not.toBeUndefined(); + expect(Parse.FacebookUtils.isLinked(req.user)).toBe(true); + res.success(); + }); + + var provider = getMockFacebookProvider(); + Parse.User._registerAuthenticationProvider(provider); + Parse.User._logInWith("facebook", { + success: function(model) { + ok(model instanceof Parse.User, "Model should be a Parse.User"); + strictEqual(Parse.User.current(), model); + ok(model.extended(), "Should have used subclass."); + strictEqual(provider.authData.id, provider.synchronizedUserId); + strictEqual(provider.authData.access_token, provider.synchronizedAuthToken); + strictEqual(provider.authData.expiration_date, provider.synchronizedExpiration); + ok(model._isLinked("facebook"), "User should be linked to facebook"); + + Parse.Cloud.run('checkLogin').then(done, done); + }, + error: function(model, error) { + console.error(model, error); + ok(false, "linking should have worked"); + done(); + } + }); + }); + it_exclude_dbs(['postgres'])("log in with provider and update token", (done) => { var provider = getMockFacebookProvider(); var secondProvider = getMockFacebookProviderWithIdToken('8675309', 'jenny_valid_token'); diff --git a/src/RestQuery.js b/src/RestQuery.js index e3569f0f..0dc95ff3 100644 --- a/src/RestQuery.js +++ b/src/RestQuery.js @@ -504,7 +504,7 @@ function includePath(config, auth, response, path) { obj.__type = 'Object'; obj.className = includeResponse.className; - if (obj.className == "_User") { + if (obj.className == "_User" && !auth.isMaster) { delete obj.sessionToken; delete obj.authData; }
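Review bot: The rejection handler in `Parse.Cloud.run('checkLogin').then(done, done)` hands the error to `done`, and depending on the Jasmine version in use that may finish the spec without marking it failed. The `error:` branch a few lines below already fails explicitly with `ok(false, ...)` before calling `done()`, so the cloud-function path should do the same: `Parse.Cloud.run('checkLogin').then(done, () => { ok(false, "checkLogin should have succeeded"); done(); });`. The added `it_exclude_dbs` block is complete within this hunk.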
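Review bot: The new `!auth.isMaster` condition in `includePath` carries no comment explaining the exemption, and the consequence is security-relevant: every included `_User` on a master-key query now keeps `sessionToken` and `authData`, which per the spec added in this commit holds the provider `access_token`. I would add above the `if`: `// Master-key callers (e.g. Cloud Code) keep sessionToken/authData on included users; strip them before returning these objects to a client.` The commit's spec exercises only the master-key path, so a companion case asserting that a non-master include still omits both fields would pin the stripping behaviour. `includePath` starts and ends outside the hunk, so whether `auth` can be undefined at this point cannot be confirmed from the visible lines.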